Enhanced Transaction Model Using InfoCards
Conference IIW8 Room/Time: 4/E
Convener: Jeff Stollman
Notes-taker: Ben Sapiro/Jeff Stollman
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Problems with the current transaction model keep the identity discussion going in circles. We have not used a systems engineering approach, in which we look at the problem from a 50,000-foot level and then parse it into appropriately granular components.
People continue to try to solve the problem for their own "silo." As a result, solutions overlap and their interoperability is limited. We need to break the problem down into its granular components in order to prevent the overlap, allowing us to build solution components that are easily composable for each silo or use case.
The User is effectively a subject: they say they want X but thereafter are external to the conversation.
The traditional model includes 3 parties: Subject (User), Relying Party (Service Provider) and Identity Provider.
The alternate model adds a fourth actor – the Information Provider – which may be along the lines of Paul Trevithick's diamond model or the VRM 4th party model. The Information Provider is a trusted intermediary that caches/aggregates pointers to claims on behalf of the Subject. A Subject may have more than one Information Provider (e.g., one for medical records, one for financial claims, etc.).
The alternate model also separates the Identity Provider (which vets a Subject’s ipseity) from the Claim Providers, which vet various assertions about the Subject.
"Ipseity" = your fundamental and unique individual identity. You have one and only one ipseity.
There is something that makes you uniquely you; the rest is just claims, which are often transient.
The Information Provider allows you to choose claims (mix and match) to create a selection of personas that you will use to deal with the various Relying Parties.
Relying Parties might have a similar Information Provider infrastructure (Identity Provider, Claim Providers, Information Provider) to allow verification that they are who they claim to be as well as allowing them to have different personas. Businesses will want different personas to show different faces to different (or even the same) customers. (For example, Kmart owns Sears but maintains each as a separate Persona.)
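The Subject-side part of the alternate model, sketched as an added example that is not from the session or the presentation: an Information Provider caches pointers to vetted claims, groups them into personas, and releases to each Relying Party only the pointers in the persona bound to it. The class and method names, the default-deny rule for unbound parties and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ClaimPointer:
    claim_type: str   # what is asserted, e.g. "age_over_18"
    provider: str     # Claim Provider that vetted the assertion
    ref: str          # opaque reference; the claim value stays with the provider

@dataclass
class InformationProvider:
    """Hypothetical intermediary: caches claim pointers, groups them into personas."""
    pointers: dict = field(default_factory=dict)   # claim_type -> ClaimPointer
    personas: dict = field(default_factory=dict)   # persona name -> set of claim types
    bindings: dict = field(default_factory=dict)   # relying party -> persona name

    def register(self, ptr):
        self.pointers[ptr.claim_type] = ptr

    def define_persona(self, name, claim_types):
        unknown = set(claim_types) - set(self.pointers)
        if unknown:  # a persona can only mix and match claims that were vetted
            raise KeyError(f"no pointer cached for: {sorted(unknown)}")
        self.personas[name] = set(claim_types)

    def bind(self, relying_party, persona):
        if persona not in self.personas:
            raise KeyError(f"unknown persona: {persona}")
        self.bindings[relying_party] = persona

    def release(self, relying_party, requested):
        """Return (granted pointers, denied claim types) for one Relying Party."""
        persona = self.bindings.get(relying_party)
        allowed = self.personas[persona] if persona else set()  # assumed default deny
        granted = [self.pointers[t] for t in sorted(requested) if t in allowed]
        denied = sorted(set(requested) - allowed)
        return granted, denied

def build_demo():
    """Constructed sample data: providers, references and party names are made up."""
    ip = InformationProvider()
    ip.register(ClaimPointer("age_over_18", "registry.example", "ref-001"))
    ip.register(ClaimPointer("credit_limit", "bank.example", "ref-002"))
    ip.register(ClaimPointer("blood_type", "clinic.example", "ref-003"))
    ip.define_persona("shopper", ["age_over_18", "credit_limit"])
    ip.define_persona("patient", ["age_over_18", "blood_type"])
    ip.bind("store.example", "shopper")
    ip.bind("hospital.example", "patient")
    return ip

if __name__ == "__main__":
    print(build_demo().release("store.example", ["age_over_18", "blood_type"]))
```

The same structure could be instantiated once per Information Provider when a Subject keeps, for instance, medical and financial claims with different intermediaries.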
See attached presentation: